Solved

I am working on a Juniper-NS5GT firewall and I need to port forward 3389 to a client machine

Posted on 2009-05-19
Last Modified: 2013-11-16
I have a third-party app company who is going to need to get into a machine.
To make it easier for you guys, here is the IP of the router: 192.168.7.1
Here is the IP address of the client machine: 192.168.7.56
Please advise on this, thank you. I ask for no KB articles, just simple answers, as I am under the GUN to get this done.
Question by:explorer648
8 Comments
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425484
Try this:

Go to Objects ->Services -> Custom
Create a new service for TCP port 3389

Create a policy from Untrust to Trust
Source Address - Any or if you know the IP of your partner
Destination Address - 192.168.7.56
Service - Custom Service
Action - Permit
Check logging and at session beginning (Optional)

I think that should do it
 

Author Comment

by:explorer648
ID: 24425688
Umm, tried it and after I did it, it does not work?
Here are the screenshots:



policy-page.bmp
PORT.bmp
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425978
My bad, I was wrong on the destination setup.

Create an Address list called VIP TS
Assign your public IP

In Network -> Interfaces
Edit your public interface

Go to VIP properties
Create new VIP service
Assign port 3389 to 192.168.7.56

Now set your destination address in your policy as VIP TS
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425997
PS: Set up your VIP TS as a Global address
 
LVL 6

Expert Comment

by:drewha1969
ID: 24426866
As a side note, this should work, as we have it done this way to pass port 80 to our webserver; however, I am definitely not a security guru and am not sure of all the ramifications of opening up a desktop to the internet on that port. As far as I know, if the machine has strong passwords, it should be safe, but again, I am no guru.

To clarify and make sure I have given you the correct information, it sounds like you do not have a VPN set up between your 2 networks and you are trying to connect over the internet. If so, setting up the destination as I have described above should work.
 
LVL 6

Expert Comment

by:drewha1969
ID: 24431253
I feel I may have been rushing through the VIP part and left out some details so:

Network -> Interfaces
Edit Public Interface (Usually Ethernet 3)
VIP
If no previous entries, follow the next step, else skip to New VIP Service
Add/Modify VIP entry -> select "Same as the untrusted interface IP address" -> Add

New VIP Service
Virtual IP -> Public IP
Virtual Port -> 3389
Map to Service -> Custom service (TS) 3389
Map to IP -> 192.168.7.56
Check Server Autodetection

 
LVL 6

Accepted Solution

by:
drewha1969 earned 500 total points
ID: 24431285
Sorry again, set the netmask as 32 for your global address.
VIP TS = PublicIP/32
 

Author Comment

by:explorer648
ID: 24606965
I have not had a chance to try this new solution yet. I will try it and see where it takes me.
0
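
The first reply in this thread leaves the policy source as "Any or if you know the IP of your partner". As an added example (not part of the thread and not Juniper's code), this Python check reads a saved firewall config and flags Untrust-to-Trust permit policies that expose port 3389 to any source. The config lines are constructed, their `set service` / `set policy` layout is an assumed ScreenOS-style syntax, and the "Partner" entry with its address is a placeholder.

```python
import shlex

# Constructed sample; line layout is an assumption about ScreenOS "get config" output.
SAMPLE_CONFIG = '''
set service "TS" protocol tcp src-port 0-65535 dst-port 3389-3389
set address "Untrust" "Partner" 203.0.113.10 255.255.255.255
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 2 from "Untrust" to "Trust" "Any" "VIP TS" "TS" permit log
set policy id 3 from "Untrust" to "Trust" "Partner" "VIP TS" "TS" permit log
'''


def exposed_rdp_policies(config, port=3389):
    """Return (policy id, destination, service) for every Untrust->Trust
    permit policy whose source is Any and whose service covers `port`."""
    lines = [shlex.split(line) for line in config.splitlines()]

    # Pass 1: custom services and their destination port ranges.
    services = {}
    for tok in lines:
        if tok[:2] == ["set", "service"] and "dst-port" in tok:
            low, high = tok[tok.index("dst-port") + 1].split("-")
            services[tok[2]] = (int(low), int(high))

    # Pass 2: policies, in the assumed field order
    # set policy id N from <zone> to <zone> <src> <dst> <service> <action>
    findings = []
    for tok in lines:
        if tok[:3] != ["set", "policy", "id"] or len(tok) < 12:
            continue
        pid, src_zone, dst_zone = tok[3], tok[5], tok[7]
        src, dst, svc, action = tok[8:12]
        low, high = services.get(svc, (0, -1))  # unknown service: no match
        covers = svc.upper() == "ANY" or low <= port <= high
        inbound = (src_zone.lower(), dst_zone.lower()) == ("untrust", "trust")
        if inbound and action == "permit" and src.lower() == "any" and covers:
            findings.append((int(pid), dst, svc))
    return findings


if __name__ == "__main__":
    for pid, dst, svc in exposed_rdp_policies(SAMPLE_CONFIG):
        print(f"policy {pid}: source Any permitted to {dst!r} via service {svc!r}")
```

Policy 3 in the sample shows the narrower form, where the source is the partner's address entry rather than Any.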

Question has a verified solution.